Wednesday, January 20, 2010

Microsoft Dynamics GP 2010 - Security Enhancements

This article opens the series on the new features and enhancements available in Microsoft Dynamics GP 2010. I will start out with something dear to the heart of systems administrators and that's security. So let's take a look at the first set of enhancements that have been introduced to the new release.

Automatic Login

Now you have the option to log on to Microsoft Dynamics GP and a default -- favorite if you will -- company automatically. In order for the login to take place automatically, the system administrator must mark the Enable Remember User field in the System Preferences window.

You will notice a new checkmark on the Welcome to Microsoft Dynamics GP window to Remember user and password.

And you will also notice a checkmark on the Company Login window to Remember this company.

As mentioned before, having the ability to access these new enhancements is a system wide administrative option set via the System Preferences window - MSDGP > Tools > Setup > System > System Preferences.

Copy User Security Settings

System administrators lost a lot of the cool features available in version's 8.0 and 9.0's Advanced Security module after upgrading to Microsoft Dynamics GP 10.0 role base security model. One feature in particular that put dents in a lot of desks was the fact that security could not be copied across user accounts.

For Microsoft Dynamics GP 2010, you can now use the Copy User Security window and the User Setup window to copy security settings (roles, tasks, and company access) you want to copy from one user to another.

For example, if you hire a new purchasing agent, you can copy the security settings from an existing purchasing agent instead of manually specifying the security settings. If the new purchasing agent is transferring from another position in your company, copying replaces any existing security settings for the user you are copying to.

Security Roles and Tasks Filters

You can now filter out only the security tasks and items to which access has been granted in the Security Task Setup window, the Security Role Setup window, and the User Security Setup window instead of viewing all security tasks, roles, and items. This makes understanding security settings assigned to tasks, roles, and items a breeze.

These enhancements will certainly facilitate security administration for the system administrator, while allowing users the ability to speed up login into the company of their preference. Please let me know what you think about these enhancements.

Until next post!

Mariano Gomez, MVP
Maximum Global Business, LLC


Steve Endow said...

Hi Mariano,

Great post, thanks for the info!

I am developing a solution for a GP 2010 beta site, so I read your post earlier today, and literally had to refer to it this afternoon!

One issue that came up was that I had to figure out how to disable the "Remember this company" option.

I originally poked around the system setup windows, but it seems that switching companies brings up the company dialog, which then allows you to uncheck that option.

Mariano Gomez said...


Glad you liked the article! I will perhaps edit to include the "how to disable" portion, but yes, switching companies allow you to disable the option.


Dave Drlich said...

Here we have a Helpdesk team that handles shutting off most accounts where users leave. We want to have them adopt that process in GP as well, since they are already doing it. However, I don't want to allow them any further access to the system. I can create a user and give them the needed SQL permissions to do the user management. I can limit them to just the user form and the user look-up form. However, using this, they can still access the copy functions, so they could look up their own ID and then copy the sa permissions to their own account. I do not have field level security so I can't turn off their ability to pick a user in the "copy from" field. Is there any way that I can successfully lock the system so that they can only remove the logins for the users that are no longer needed?

Mariano Gomez said...


Take a look at the Dynamics GP Toolbox by Rockton Software.


Anonymous said...

Hi Mariano, How I can copy all field level security assigned to one user to another user

Thanks for your answer

Manny_V said...

Hola, in order to rule out windows security issues, that could be causing processes not to complete, such as the dreaded 'posting interrupted' in AP. Could you provide the appropriate windows security permission for GP2010. We use citrix for client access to the main DB installation on the server. They are all virtual hyperv servers. Partner recommends groups of GP ussers be added to the Microsoft Dynamics program files(x86) folder with read and write privileges. Can you provide some kind of link from Microsoft that details this type of security or perhaps and explanation. I appreciate the help Mariano! Thanks Manolo Vivero
PS; wasn't sure if it was posted correctly so I am sending the post again JIC.